The MSP Zone

Chris Massey's journey in the IT field is a testament to the dynamic nature of the managed services industry. Starting as an internal IT professional, Chris has traversed various roles, gaining invaluable experience along the way. His tenure at Bocada, DRS, and Involta equipped him with a deep understanding of the industry's intricacies. At N-able, Chris has taken on the mantle of a mentor, guiding MSPs globally. His insights are shared on the N-able podcast, 'Now That's IT,' where he delves into the evolution of managed services. The conversation with Chris Massey reveals the profound transformation within the managed services sector. From its early days of simply providing tools, the industry has matured into a comprehensive support system for partners, encompassing a multitude of their MSP practice facets. This evolution reflects the increasing complexity and sophistication of IT environments and the growing recognition of the strategic value MSPs bring to businesses. As the industry continues to evolve, figures like Chris Massey will be at the forefront, shaping the future of managed services and ensuring that MSPs remain integral to the IT ecosystem. The trajectory of managed services is poised to expand further, driven by innovation and the relentless pursuit of excellence, much like the career of Chris Massey himself.

John Street's contributions to the managed services professional community have been significant and long-lasting. His entrepreneurial journey began with the founding of MX Logic in 2002, a company that quickly became a household name among Managed Service Providers (MSPs) for its robust email security solutions. The acquisition of MX Logic by McAfee in 2009 stands as a testament to the company's success and the value it provided in the realm of cybersecurity. Continuing his visionary approach, Mr. Street established Pax8 in 2012, aiming to revolutionize the way cloud-based products are sold and managed. Pax8's innovative platform has since been instrumental in streamlining the procurement and management of cloud services, further cementing Mr. Street's reputation as a pioneer in the industry. His foresight and dedication to improving the MSP ecosystem have undoubtedly left an indelible mark on the field.

If you are an MSP, chances are you protect, monitor, and manage client data all the time. But the rules around data have changed significantly. Previously used tools, tactics, and rules are no longer applicable as data theft crimes and risk increase. Guy Bavly, CEO of Actifile (actifile.com), enters the MSP Zone to discuss these issues.

Transitioning from a traditional IT model to a managed service provider (MSP) model is a significant change that involves a strategic overhaul of business operations. The process typically includes adopting a proactive approach to IT services, which contrasts with the reactive nature of many legacy IT models. The journey from a reactive IT company to a successful MSP practice, as exemplified by David Besse and the 415 Group, involves several key steps. Initially, it requires a clear understanding of the managed services model, which focuses on proactive monitoring and maintenance, cost efficiency, enhanced security, and scalability and flexibility. A comprehensive transition plan is crucial, which should outline the objectives, assess migration targets, establish success criteria, and prioritize objectives. Overcoming potential challenges such as resistance to change and migration obstacles is also part of the process. David Besse has led the 415 Group through this transition. Under his guidance, the company has focused on offering clients the necessary services and tools for success, emphasizing the importance of a strategic partnership with an MSP that aligns with the business's goals and needs. In summary, transitioning to an MSP requires a well-thought-out plan, a willingness to embrace change, and a proactive approach to IT management. By following these steps and learning from the experiences of those like David Besse and the 415 Group, companies can navigate the complexities of this transition and emerge as successful MSP practices.

State and local governments are under attack like never before. Drive by cyber-attacks are crippling already overwhelmed governments and creating unnecessary financial and political pressure on these organizations. The source of these attacks and the methods being used is not in dispute. What is not being discussed, is the solution. So, I am going to present a very simple, immediately available solution to any governmental employee out there listening to this podcast: managed service providers! Now, I know what you're going to say. I thought MSPs added risk to our cybersecurity. That is simply not true. It has never been true. In fact, it is a falsehood propagated by inept cybersecurity insurance companies who can't figure out how to quantify their own cyber risk, so they blame the only visible party in the equation, the MSP. Now, you may be also saying, well why would I use an MSP when they are being sued by their clients for failing to prevent cyberattacks? Well, again, that's a falsehood being propagated by uneducated people in the media and elsewhere, who just don't know what they are talking about.  MSPs do not practice reactive or break/fix services. The oxymoronic phrase "reactive IT management" does not make sense because you cannot manage IT in a reactive mode. Only proactive services (i.e., managed services can truly "manage IT." Recent headlines claiming MSPs being sued by their clients are really reactive or break/fix IT companies…not MSPs! Finally, MSPs are the only organization capable of addressing the systemic issue here; the lack of consistently applied policies, procedures, and controls, designed to radically reduce (not eliminate) the chance of a cyberattack being successful.

I commonly get questions related to MSP documentation. When is a good time to start? I only need documentation for when I get certified, right? I'm going to get to that, only later on when I'm established.    The truth is, MSP documentation should start early in your practice; ideally, during the planning stages before you've started to deliver services. Here are some helpful tips so you can better understand why MSP documentation is so important, what is involved, and when you should start.    Why is MSP documentation so important?    MSP Documentation Policies - HR, legal,  Procedures/process Controls   When should you start documenting?

FUD: what does it mean? Should you use it in your MSP practice? And, is there a risk to using FUD style tactics? Fear uncertainty and doubt, otherwise known as FUD, may have been created by IBM sales professionals in the 1970s, but it certainly is still being used today by many sales and marketing professionals beyond IBM.

Niraj Tolia, CEO of Alcion, enters the MSP Zone. The deployment of AI in MSP backup tools addresses several critical challenges in the managed services industry. By integrating AI, MSPs can automate routine and repetitive tasks, such as system monitoring, patch management, and backups, which significantly reduces human error, enhances efficiency, and optimizes resource allocation. This automation leads to cost savings and improved service delivery, which is essential in a competitive market where talent is scarce and operational efficiency is paramount. The adoption of AI was driven both by MSPs' desire to stay ahead of technological advancements and by internal motivations to improve service quality and reliability. AI has made a substantial positive impact on MSPs and their service delivery by enabling proactive issue resolution. Niraj discusses his thoughts around AI in data backup, what MSPs need in a modern-day backup solution, why he decided to enter the legacy MSP backup marketplace, and how AI will empower MSPs to succeed.

In the evolving landscape of IT services, the distinction between Managed Service Providers (MSPs) and other IT service models, like break/fix or security consultancy, has become increasingly important.    MSPs offer a comprehensive suite of services that manage and assume the responsibility of a defined set of day-to-day management services for their clients, proactively and under a subscription model. This is in contrast to break/fix services that operate reactively, or security consultants who may focus solely on specific aspects like penetration testing.    The confusion arises when companies misrepresent their services as managed services, which can lead to a misunderstanding of the value and scope of what an MSP truly offers. It's crucial for businesses to recognize the signs of a genuine MSP, such as a proactive approach to IT management, a broad range of services beyond just security, and a partnership mentality rather than an adversarial one.    Understanding these differences can help businesses make informed decisions when choosing an IT service provider that aligns with their needs.

I had the opportunity to play golf with an executive who shared some very insightful perspectives about risk, cyber insurance, and MSPs. The interaction was completely by accident but the information I got was invaluable.

There is a lot of wiggle room when it comes to knowledge and implementation of compliance in a managed services environment. More precisely, MSPs must understand and operate with accurate knowledge of the difference between preparing for an audit or certification and the testing or auditing of an environment. Both components are important, but the MSP is more suited to one and not the other. Here's what MSPs need to know. Audit and certifications in a compliance setting Preparation for and audit or certification Consulting vs testing Role of the MSP in audits and certifications Preparation and consulting are the domain of the MSP MSPs actively manage infrastructure, networks, and objects being tested, therefore, the MSP should not be the one testing

For a lot of MSPs, trying to convert reactive (i.e., break/fix) clients into proactive (managed services) clients can be a struggle. No matter how hard you try, those reactive clients just won't budge. Fortunately, there is a pretty effective technique you can use to begin to impress upon your reactive clientele all the benefits and reasons they would be better off as a managed services client. Step 1: Communication. You have to have a conversation with your reactive clients about everything. Times are changing. Everyone is taking cybersecurity more seriously these days. Explain how reactive IT management isn't IT management at all; it's IT disaster cleanup. And, it can get pretty ugly. The point is, talk to your clients and let them know what's about to happen. Step 2: Put your reactive clientele through some sort of security baseline. Don't get fancy. You can use something like the CIS framework. CIS does not have a certification so you just will be assessing the client's existing controls, policies, and procedures against the CIS controls. By the way, this technique can also be used quite effectively for all new managed services prospects. Step 3: Deliver the results of the assessment and make your adjustments. What does this mean? If the client is doing everything they should be, there is no reason for them not to become a managed services client. Their billings should stabilize, their level of trust in their IT investments should be solid, and both client and MSP can sleep better at night. For clients below the CIS level, you can let them know where the gaps are, that you can fix those gaps, but that a managed services relationship is what is needed. Finally, if the reactive client still won't budge, you can raise your rates due to the provable increase in risk they represent to your MSP practice.  This technique is a combination of compliance baseline plus risk-based pricing, and it can be a very powerful and persuasive tool in getting reactive clients to understand the modern cyber world in which we live. 

Ep 276 - The term EBITDA is not something a lot of MSPs fullly understand or use regularly. As a financial tool, it is worth knowing how it is used and why. But, should you use EBITDA as a metric for managing your MSP practice? Maybe, maybe not. To answer this question, we must define EBITDA, look at how it is used within general accounting, and more specifically how it is used within MSP M&A and investing. Only then can you know whether EBITDA is something you should use regularly as a guidepost for running your MSP practice.

Recently, at the MSPAlliance Inspire meeting, I witnessed something I've never seen before, something I'm now calling the "great MSP reset." This reset is an accumulation of several different things happening at roughly the same time and I think it bodes well for the future of the managed services profession. Here's what I witnessed. MSPs are going through significant equity changes MSPs are making tool changes MSP process overhauls These activities, taken in their totality, represent a very clear sign that there is a lot of positive change taking place in the managed services profession.

Ep 277 The Great MSP Reset Recently, at the MSPAlliance Inspire meeting, I witnessed something I've never seen before, something I'm now calling the "great MSP reset." This reset is an accumulation of several different things happening at roughly the same time and I think it bodes well for the future of the managed services profession. Here's what I witnessed. MSPs are going through significant equity changesRetirement Change of leadership Making room for new blood These are not M&A deals, but continuity of MSP operations   MSPs are making tool changesIf you don't innovate as an MSP tool vendor, you risk being replaced Some MSPs are taking 20 year relationships (such as a PSA tool) and switching to newer vendors who promise more innovation, new approaches to technology, and better attention to the needs of the MSP MSP process overhaulsA lot of the MSPs are going through sweeping changes to their policies, procedures, and processes. Much of this is organic and is NOT due to the change in their vendor tools, but a lot of the MSPs are using the tool changes as an excuse to overhaul their processes   These activities, taken in their totality, represent a very clear sign that there is a lot of positive change taking place in the managed services profession.

Does EBITDA Matter for MSPs? The term EBITDA is not something a lot of MSPs fullly understand or use regularly. As a financial tool, it is worth knowing how it is used and why. But, should you use EBITDA as a metric for managing your MSP practice? Maybe, maybe not. To answer this question, we must define EBITDA, look at how it is used within general accounting, and more specifically how it is used within MSP M&A and investing. Only then can you know whether EBITDA is something you should use regularly as a guidepost for running your MSP practice.

A lot of MSPs spend the majority of their time focused on revenue growth, and for good reason. If you're not growing, you're shrinking. But, not all revenue is the same. In fact, some revenue types may actually be harming your managed services growth. Confused? Don't be. There are some really simple metrics you can use to begin aligning your MSP practice towards a pro-growth future.   Revenue Mixture: What is it? Proactive IT offerings (i.e., your managed services deliverables) Professional services (non-recurring services such as consulting) Hardware & Software Revenue Mixture and Why It's ImportantRevenue mixture can tell you a lot about who you really are One of the most important MSP KPIs you can track Revenue mixture can help your MSP practice Promote proactive IT products Properly prioritize your reactive revenue streams Add discipline to your practice regarding new clients Improve valuation

Recently, one of our members reached out with some questions about how to achieve growth while simultaneously addressing a sizeable break/fix client base. It's a really good question and one that I know a lot of MSPs face. First, acknowledge that break/fix customers inhibit managed services growth Second, have a plan to migrate those break/fix customers to managed services plans Third, execute your plan and have a timeline. Don't make it an "open-ended" strategy.

It's that time of year again. Time to review the past year and look to the future and predict what is likely to happen.   The MSP world is changing more rapidly than ever before. Let's take a look at what 2024 has in store for the MSP profession.   Ransomware Responses Changing: MSPs (and customers) have to look at ransomware in a very different way in 2024. As numerous governments worldwide continue to march towards inevitable prohibition of ransomware payments, MSPs need to adapt to this evolving threat response and develop new service delivery models to help their clients prepare for breaches and attacks.   Break/Fix is still dead. If you are clinging to reactive IT service delivery models, be aware that the break/fix business model is still dead. If you have reactive clients, either a) convert them to managed services, or b) terminate your relationship with them. It may sound harsh, but times change and we all have to keep up with change!   AI or no AI, that is the question: No matter what your opinion of AI happens to be, you have to have one (an opinion, that is). Some MSPs are pursuing AI technology to be a force multiplier of their existing team, while other MSPs are having to confirm to customers that AI will not be part of their managed services experience.   Create your MSP Baseline: All MSPs should be entering 2024 with the objective of creating an MSP baseline. What is an MSP baseline? The minimum requirements you have for any managed services customer. This baseline will be different for each MSP. But you should have one because we are now at a point in our profession where all organizations ought to be practicing some minimal level of security standards.   Review/Adjust MSP Pricing: Once you have created your MSP baseline, then the fun begins. It's now time to establish or adjust your risk based pricing models. It does not matter what type of pricing model you use, you can always apply a risk based pricing element to that model. Implementing a risk based pricing model with the aid of managed services baseline becomes incredibly easy; or at least much easier than trying to apply some regional minimum wage labor rate model.   What's your compliance situation? Compliance is one of those topics (like AI) where you have to have a position. As so many customers are turning to their MSPs for help with compliance related matters, MSPs cannot claim ignorance on the subject of compliance. Whether you have a formally developed CaaS/vCISO/vCIO program, or you are just casually helping clients fill out cyber insurance forms, MSPs have an undeniable role to play in modern compliance and should act as such.   XDR Upgrade: For those of you still using (or selling) legacy anti-virus and firewall technologies, it's time to upgrade your tool belt. For MSPs, it is considered a current best practice to have some form of XDR technology deployed internally in your MSP practice. For customers, XDR would also be considered a modern day best practice for any sized organization. If your NOC/helpdesk team is stretched thin, consider a managed XDR/EDR solution (they'll thank you for it).   Get Cyber Verified: It's 2024. If you haven't started the process of getting your Cyber Verify certification, you should start your planning. Not only will it open up new opportunities for your MSP practice, it's also a great way to simultaneously achieve compliance with many globally recognized certifications and audits!

MSPs vs Vendor Controlled Remote Access The FBI advisory to private sector industries was released and raises some interesting questions regarding MSPs. While not specifically mentioning MSPs by name, the advisory covers general threats from ransomware and how they are being executed. Doesn't mention MSPs, but they are clearly being addressed in this notice 3rd parties and legitimate system tools All the guidance the FBI provides is already well established in the MSP Verify program   Unmanaged vs Managed IT Unmanaged Devices - still think break/fix is an effective IT management model? “80 to 90 % of all compromises originate from unmanaged devices...Most human-operated ransomware attacks attempt to compromise or gain access to unmanaged or bring-your own devices (personal devices used to access work-related systems and information). These typically have fewer security controls and defenses" - Microsoft   If you read this Microsoft quote and still think reactive IT is a viable business model or IT management model, think again. Break/fix or reactive IT is not managed IT, it's IT crime scene clean up If you are like many MSPs have a mixture of managed services and reactive IT clients, have a plan to deal with this situation If rising cyber premiums, guidance from the FBI and countless other government agencies, and overall awareness about cyber threats are not enough to convince your break/fix clients, guess what, they're using you to offload their risk.   My M&A Challenge to MSPs in 2024 I would like to encourage those MSPs out there attempting M&A strategies to consider this challenge for 2024. You may be surprised by what I have to say, but if you think about it I hope you will see the logic and value behind it. What is your M&A strategy and how does it fit into your overall strategy? M&A isn't a corporate growth strategy M&A challenge for 2024Geography Service expansion Market/customer expansion Revenue doubling

The end of Ransomware? You may have seen some news lately about the US government working with other governments to ban ransomware payments. Well, I'm not so sure it will stop ransomware but it is an interesting topic and something we should discuss. Banning ransomware; what impact would it have? Government bans on ransomware payments will change how MSPs "manage" those clients Private sector should pay attention     Can MSPs be more proactive? I read an article who's headline talked about MSPs being more "proactive" with their customers. It occurred to me that this type of guidance is not aimed at MSPs, but instead at break/fix companies. Which begs the question, why include MSP in the title at all? And there lies the problem. These articles cannot distinguish between MSP and non-MSP. Reactive IT providers…there are expectations you must meet when joining the ranks of the professional MSP Being more proactive means being an MSP; that's the point! You can't be a little proactive; it's either all in or nothing at all   You can't "resell" compliance   vCIO or CaaS offerings depend on your familiarity in speaking the MSP compliance language. We are talking to a lot of MSPs today who look at compliance in a way that is very short sighted and not what will make a competitive difference in the MSP organization over the long run.   What does it mean to "speak MSP compliance?" Understand compliance frameworks which matter to your customers Understand the role your MSP organization plays in customer compliance Reselling a GRC tool does not make you a compliance expert

There is no recession in managed services You may be watching the economic news out there and thinking to yourself, how will this impact my managed services business. It's a good question to ask.   Economic indicators seem to be pointing to some form of recession or slowdown (some call it a soft landing) in the near future. For all we know we might already be in a recession. But, does a recession mean MSPs are going to be hit as well? Not if the past is any indicator. Historical recessions impact on MSPs Gartner IT spending projections looking really good How to prepare for economic downturns Managed services (including security) should be a significant shelter from any storm vCISO, vCIO, CaaS offerings will strengthen any managed services practice   Should MSPs be concerned about job loss to AI? Ever since ChatGPT launched many articles have been written about AI causing massive job loss in the future. While I would agree there are industries in dire need of innovation which typically cause large scale job shifts, managed services is not one of them. Job openings in managed services profession still unfilled AI is not going to solve anything close to all the labor shortages facing MSPs AI still needs to be managed (managed AI?) AI should be evaluated as an extension of your MSP workforce, not a replacement of it   Advice for 1 person MSPs There is nothing more exciting (or scary) than being a one person business owner. Managed services, like many other professions, has its share of one person MSP shops. I recently talked to one such MSP who wanted advice on how to grow beyond just himself. Partners Employees Capital Organic (can be tough and take a while to see results)

In this riveting podcast episode, join us as we delve deep into the intricate landscape of recent high-profile cyber-attacks that have sent shockwaves through the digital realm. Our seasoned guests, Shannon Wilkinson, the CEO of Tego Cyber, and Brent Watkins, the Director of Business Development at Tego Cyber, step into the MSP Zone to unravel the layers of these incidents, providing invaluable analysis and guidance that every Managed Service Provider (MSP) should heed.   Our exploration begins with a meticulous examination of three notable targets—MGM, Caesars, and Okta—each falling victim to distinct cyber onslaughts. We not only examine the sophisticated methods employed by the attackers but also dissect the responses undertaken by the affected organizations.   As organizations increasingly rely on dynamic and interconnected systems, change management processes become a potential vulnerability ripe for exploitation. Our guests shed light on how attackers leverage change management loopholes, emphasizing the critical need for MSPs to redefine their strategies and bolster defenses in this evolving threat landscape.   Tune in for a captivating journey through the intricacies of cyber warfare. Whether you are an MSP looking to sharpen your defense strategies or a cybersecurity enthusiast keen on staying ahead of the curve, this episode promises to be a compelling source of insights and actionable takeaways.

How are MSPs dealing with CMMC? John Burgess, from Mainstream Technologies drops into the MSP Zone to discuss how MSPs should deal with the changes coming from CMMC, but how they can stay ahead of them as well.  Regardless of where you stand on the issue, having something to say about compliance is a wise thing these days. MSPs with exposure to CMMC have a lot of revenue and trust potential, if they act. If MSPs stay silent on the issue when asked, that could lead to an erosion of trust and lost opportunities. MSP Zone Highlights: What is happening right now in the CMMC/DIB community? What opportunities are there for MSPs and CMMC? What can MSPs do during cybersecurity awareness month?  

Poor MSP Growth May Not be Due to Lack of Sales Many times, I hear MSPs complain about their stagnant or lack of growth. Now, regardless of whether you have a sales team and process or if you predominantly rely on referrals, lack of growth can frequently be caused by two general issues: inefficient process, and lack of customer focus. Limited service catalog Defined customers With these two elements, you can develop an effective sales and/or referral program Frankenstein Compliance If your MSP practice is running around, chasing the latest framework, you may be setting yourself up for a difficult road ahead. We hear a lot of MSPs contact us because they want to be complaint with some new framework they've heard about. While being compliant is not a bad thing, there is a right way and a wrong way to go about achieving MSP compliance. Start with UCS; which will get you your own controls Then, you map your controls to other frameworks If you start with non-MSP frameworks, you will end up with a lot of confusion and potential for chaos. It'll also cost you time, resources, and money MSP M&A Integration: What are your baselines?  If you are an MSP considering merging with or acquiring another MSP, pay attention. Aside from all the other risks associated with M&A, there are some very easy steps you can take to radically lower your risk once you've completed your deal. Develop your baseline What is a baseline? Baseline during due diligence

About a year ago I started to hear MSPs talk about a new company, Halo PSA. It turns out, this company is not new, but they are doing some rather innovative things in the MSP ticketing space and being somewhat disruptive. So, we decided to reach out and invite Tim Bowers, CEO of Halo PSA to join the MSP Zone and talk about his company and what they are doing. What is Halo PSA? Origins of the company Being disruptive in the PSA market Why are MSPs talking about Halo PSA so much?

In this MSP Zone spotlight Travis Spring, vice president of Sagiss, joins us to share his thoughts on the MSP market. We discuss a wide range of topics, from economics, labor, technical, AI, and other business issues which impact all MSPs.   Economy and its impact on managed services The impact of AI on MSPs Are MSPs using AI? Labor challenges facing MSPs

Modern lead generation is a racket I receive a lot of "lead generation" cold calls and emails. When I say these solicitations are horribly bad, I am being generous. MSPs get hit up all the time to create or expand their cold calling efforts and if these same groups are soliciting them, this is crazy. Does cold calling really work for MSPs? Cold calling vs Inbound lead generation MSP content must be a factor of your marketing and lead cultivation   Control Frameworks: Which is right for you? A lot of MSPs today are struggling with where to start on their compliance journey. Usually, this confusion manifests itself in deciding on a control framework. But, what if there are multiple frameworks? What if your customers pull you into different control framework directions?   All reasonable questions and we'll give you some easy tips on how to start making sense of everything. What is relevant to your customer? Do it once, then translate MSP controls are different from client controls   The MSP Business Plan Most people don't like to hear this but the very first step you should take when deciding to become an MSP is develop and write a business plan.   Highlights: Provides structure for your MSP goals Prevents missteps and waisted resources Eliminates a lot of effort downstream Faster time to market Identify relevant control frameworks sooner

MSP Growth Exaggerated? Canalys is doing some great work in analyzing managed services. Long overdue. Disproportionate # of MSPs actually producing revenue. Hardware/software influence (more on this in the next segment)   Do MSPs Impact Hardware Sales? I recently saw someone promoting a webinar on the topic of MSPs increasing hardware sales, and it caught my eye. It's not a typical subject we see discussed these days, but it is still a relevant one. Legacy role of MSPs and hardware Modern day MSP and hardware Defensive (prevent encroachment by other MSPs) HaaS MSPs as hardware/software influencers   Co-Managed IT: Is it Possible? I see a lot of websites promote co-managed services offerings. Given the sheer number of these offerings I assume that co-managed services is enjoying some measure of success these days. However, questions must be presented (and answered) before any MSP ought to proceed with a co-managed services offering. Maturity of the client Customer IT capabilitiesTechnical Controls Participation of client management What does the agreement say?

Out of the Box MSSPs This story came to us from one of our friends, Brent Watkins. At first, I thought it was a joke, but upon a second look, it wasn't. Completely serious promo from a security vendor…become an MSSP in 1 day! Unbelievable? I assure you it is not (the claim, not actually becoming an MSSP in a single day).   Talk to any legitimate MSP out there and they'll tell you being an MSP takes practice, focus, and execution of strategy. Claims like this one ultimately harm the MSP profession. Why do vendors make these claims? Am I anti-MDR? How do customers view this type of messaging?   Still unsure about whether to call yourself an MSP? In a recent episode I addressed a member email where they asked the question whether MSPs should still be using the term MSP and managed services. Just as we published that episode I saw this article about 4 reasons businesses should consider using an MSP. Need I say more? Customers still use MSP and managed services The name MSP isn't your problem Companies afraid of the obligations associated with MSPs might want to avoid the term   MSPs Cautiously Optimistic about AI In a recent webinar we discussed the pros and cons of artificial intelligence in a managed services practice. The real interesting stuff happened (as usual) in the Q&A where a lot of the MSPs said they were evaluating (or actually using) AI. But, there were a lot of restrictions about how they were planning on using it. AI has legitimate use for internal MSP operations Most MSPs hesitant about using AI in any customer interfacing way

SEC Adopts Cyber Disclosure Rule The securities and exchange commission recently made news with an announcement of their cybersecurity disclosure rule. While this isn't the first governmental agency to announce such a rule, it should confirm to every MSP on the planet the direction in which we are headed and offer plenty of guidance for handling privacy and security incidents. SEC rule explained Purpose behind the rule Impact of the rule on MSPs and clients Failure to comply (i.e., lack of compliance)   MSPs Confused About Who They Are I received a great email from one of our members asking me for an opinion. Now, I've discussed this topic a lot in recent years but its good to see MSPs still caring about this enough to email into the program.   My advice for MSPs wondering if managed services still has value left in it.    Master MSPs Play Crucial Role in Certification The role of the master MSP has definitely evolved over the past decade. The needs of partners evaluating a relationship with a master MSP has certainly changed. But, in one crticial aspect, the relationship between master MSP and partner MSP has not changed; that is regarding compliance.   As MSPs develop relationships with external service providers (i.e., master MSPs), these relationships must be examined from a risk/reward basis. Here are some questions you may want to consider asking with regards to your ESP relationships.   Managed service supply chain - how does the ESP impact this risk? Do they increase or decrease my risk? Does any part of the ESP help me with my own MSP practice controls? Does the ESP have its own compliance and certification house in order?  

Is it better to be cyber secure or cyber resilient? If you think this is a trick question, it isn't. There are many who believe that security is solely a matter of defense. While defensive measure are crucial to any MSP (or their customers), preparing for eventual attacks which are successful, is also crucial.   So, what is an MSP to do? Here are some simple measures every MSP ought to be doing right now to be both prepared for cyber-attacks, but also resilient to them if they are successful. PlanningDocumenting your plans Identifying where your risks are Anticipating those attacks, and eventual breaches TestingTest means test Test, and often Document your test results. Learn from them MonitoringKeeping a watchful eye on your internal MSP network and IT assets RMM isn't enough   More Fake MSPs I no longer trust websites. When you hear this story you may not either. While this story is completely true, it is also, regrettably, a reality we must face as a profession and fix!   Urgent News for Break/Fix Providers Three decades since the first MSPs were created, we still have IT organizations who are in doubt as to the business model around managed services. If these non-MSPs can't be persuaded based on the logic of the business model alone, perhaps we can present a very real economic motive for getting rid of your break/fix and reactive customers. Remember, no matter how much your client's try and make you think that reactive IT services are the best for them, they are wrong!

I often hear MSPs talk about innovation: but what does that mean? To get one answer, I invited an MSP CEO to join me in a conversation about the innovation that goes into being an MSP, and the impact such innovation has on the business and customers. I was able to do just that when Jimmy Puckett, CEO of SPINEN, entered the MSP Zone. Being innovative does mean customers need to come along for the ride. What if some customers don't want what you are creating? Getting rid of problem clients, particularly those clients who do not embrace managed services, is not always easy.  Jimmy and I spoke about why MSPs may want to fire their clients, particularly if they do not want to evolve as technology evolves. We talked about innovation in the managed services profession. We also discussed how MSPs rely on their vendor partners to continuously evolve and develop new technologies to help MSPs maintain success. Highlights: Who is SPINEN? Why they fired 70% of their clients Vendor relationships and how to keep them productive Innovation involving artificial intelligence

The MSP Generation Divide Time changes everything. That certainly seems like an appropriate saying when examining the managed services profession. MSPs seem to be getting younger and younger every year. Or maybe we are just getting older. The point is, the generational divide amongst MSP professionals is increasing. We have older and younger members of our profession, and a lot of knowledge must be transferred between these generations.  New MSP generation doesn't have preconceived notions of managed services Younger MSP generations have a lot to learn Younger MSP generations need access to the veteran MSPs Vulnerability Scans Don't Do This Many people believe vulnerability scans are a magic bullet, capable of solving lots of different problems. While vulnerability scanning technology is a necessary tool in the MSP tool belt, it is not a cure-all and should be utilized cautiously and appropriately. Vulnerability scan use cases Vulnerability scans: what they don't do Vulnerability scanning isn't a business model Why the MSP Name is Valuable We have two examples of the "MSP" word being misused or misapplied. One example involves an end-user, the other example involves MSPAlliance. End-user organization fooled by cyber consultant claiming to be MSP MSPAlliance mistakenly believes organization is MSP despite clear language on their website

What do PE Firms Want from MSPs? For the last several years MSPs have been courted by private equity firms desperate to enter the managed services space. At the risk of being obvious, what do private equity (PE) firms want from their MSP investments? It's an important question and knowing the answer can help you successfully navigate the process of working with a PE. PE vs other MSP buyers Types of investment Hold times   Managed Service Sales is Easier Than you Think Stop overthinking sales. After reading a sales book (non-MSP) I'm convinced that the majority of MSPs have over complicated their approach to sales. Instead of focusing on native skills which all MSPs should have, they believe that it is necessary to acquire sales capabilities which are not native to most sales organizations and may be harmful to selling managed services. Are closing and handling objections the real barriers to successful MSP sales? The MSP sales magic bullet? Lead generation and account handling   Help me fix my MSP pricing MSPs struggle with pricing. Pricing questions come up many different sizes of MSP organizations (so it's not just an SMB issue). There are many reasons why MSPs might believe their pricing is either too high or too low. Following these simple methods should help you get a lot more comfort around how and where you price your managed services. Pricing methods revisited Prices are too high Prices are too low Pricing KPIs

Are Accounting Firms Squeezing MSPs? Misunderstanding MSPs in the larger IT channel discussion Why are accounting firms getting into managed services? How does the CPA community impact MSPs moving forward?   Could the Master Cyber Provider Model Backfire? Those who ignore history are doomed to repeat it. Truer words were never spoken, particularly in the IT channel. Way back when managed services was just getting started, the master MSP model emerged. There are important lessons to be learned from this era, particularly when we start to see history repeating itself today. It's like déjà vu. Role of the "master MSP" then Today's "Master MSSP" Resellers vs MSPs, it really does matter!   Manages Services Pricing Reality Check There are a lot of methodologies for approaching managed services pricing. Regardless of what method you choose (and you should have a method), understanding the role of risk as a prime pricing determination factor is important. So, important, if you forget to include it you could be risking a lot more than just low margins. Risk based pricing revisited Understanding the role of margin in your pricing Avoiding commodity price traps  

Internal IT vs MSP Can an MSP do everything an internal IT department can? That is the quintessential question the world has been asking for 30 years. Just because an organization has an internal IT department does not guarantee that it will be efficient. In fact, all IT departments face the same choices as IT service providers: you can be proactive or reactive. Struggles of internal IT Natural barriers of scalability with internal IT Reactive vs proactive internal IT   MSP Market Still Growing According to Allied Market Research , the MSP market is growing at a solid rate and will reach growth of more than 11%, with an estimated revenue of $594 billion globally by 2031. Now, this study focused entirely on enterprise class MSPs, but it still has some value for the rest of the MSP community. If managed services is growing at the enterprise level, there is no reason to believe it is doing anything different at the mid-market and SMB levels The drivers behind the growth are also applicable to all levels of the MSP market; factors such as adoption of cloud computing, keeping IT management costs in line, and increasing data security threats. At these levels, managed services will represent half of all IT services spending around the world.   Does Size Matter in Managed Services? I hear a lot of MSPs talk about what they would do if they only had more resources. While more resources can make a difference, it isn't the only thing that indicates success in managed services. In fact, there are many examples of large organizations who have very poorly run managed services operations. Efficiency, not size is what matters Resources only gets you as far as your process It's all about execution

N-able CEO Advises MSPs on Upcoming Challenges N-able held its partner conference in Prague recently and their CEO had some very interesting comments regarding the economy, compliance, security, and other "challenges" facing MSPs. Headwinds for the rest of the economy are tailwinds for MSPs, if they position themselves correctly  Major "business" shift for MSPs This is a very simple adjustment for MSPs, if you don't look at it as a technical change MDR vs MSP Do you think managed detection and response is the same as managed services? Think again. Many people conflate these two practices but they are not necessarily the same; although they can be. Confused? Don't be. Definition MDR Defining MSP Venn Diagram solution Tightening Credit Markets Present Interesting Choice for MSP channel As the US (and others) government attempts a soft landing from a red hot economy full of inflation and cheap currency, there are two solid choices for the IT/MSP channel. The choice your company takes will greatly depend on whether you are closer to an MSP or closer to a break/fix company. IT lending Product (project) refreshes Using managed services to push through difficult economic periods

Can MSPs "Guarantee" Compliance? It's no secret that many MSPs are helping clients deal with compliance issues. Whether this is gathering evidence for a client audit, or simply offering traditional managed services to demonstrate compliance for a given framework.   However, when it comes to guarantees, compliance may not be the area where you make any guarantees. Here's why. Compliance within the MSPs' control Customer interference Making guarantees in the first place   Benefits of Managed IT Services for Proactive Monitoring, Maintenance, and Support - Tech Guide   Converting Reactive Clients to Proactive As some economists are predicting a 2023 Q4 recession, making sure your MSP ship is in excellent condition for potentially rough seas is a good thing. What could you be doing to better prepare your MSP practice for difficult times? Converting as many reactive customers to managed services would likely be a great starting point. Here's some advice on how to do just that! First, why conversion to proactive is necessary Migration strategiesCompliance Security/privacy It's the only choice! Get creativeOffer incentives Sunset your reactive practice   Should MSPs get Involved with Customer Policies This topic was discussed at the last MSPAlliance Inspire meeting and the debate was interesting. What was unanimously agreed upon was there is a role for the MSP to play in compliance with their customers. What was in dispute was whether working on client policies was something an MSP ought to do. MSP influence customer compliance all the time MSPs compliance roles Compliance can involve controls and policies, or both

Weaver Outrage Meter: Low   Don't Rely (too much) on Cyber Insurance Barracuda surveyed 400 enterprise IT and security professionals globally, ranging from IT managers to CISOs, to discover the biggest cybersecurity challenges businesses face in 2023. Are organizations placing too much emphasis on cyber insurance? What should MSPs do about this? Are cyber insurance policies being used to target ransomware victims?   MSP Economics Update for Q2 We just had the latest MSPAlliance Inspire meeting last week in Boston and it was a blast. A little chilly but the group went to a Red Sox game, had a great time, and also got a lot accomplished. One of the outcomes was an update of unanimous agreement regarding the economy and its impact on managed services operations. Is the Q1 slow down still in effect? What does Q2 have in store for MSPs? What are MSPs doing to plan for the future?   Should MSPs Represent Themselves During M&A Deals? We are in the middle of a curious period of MSP M&A. M&A deals seem to have slowed, and yet MSPs still report pestering from brokers and buyers trying to sign them up as clients. What can we make of this? M&A demand is still strong amongst the MSP profession Every MSP (buyer or seller) should have representation Don't fall for traps that entice you to represent yourself

Weaver Outrage Meter: Low   AI Ethics in Managed Services You heard correctly. Ethics in artificial intelligence. This is going to be a big issue moving forward and MSPs had better familiarize themselves with what is happening because before too long, MSPs will be dealing directly with AI devices and scenarios.   Compliance reporting All the discussion around compliance lately is missing one crucial element: reporting. Without reporting, no compliance exercise you undertake will be of use to anyone outside your organization. Compliance reporting Balancing transparency with security Lessons learned from FFIEC   Making Peace with Cyber Consultants The old adage is "if you can't beat 'em, join 'em." Well, that's not exactly the issue here but it's close. Maybe a better way to put it is "if they can't beat you, they should join you." Cyber consultants are likely here to stay, which is not to say that we can't (or shouldn't) attempt to forge a pathway that is, if not together, at least on parallel tracks. Cyber workers are like anyone else…they all start from the beginning Cyber workers need to understand their own career path Cyber workers need to understand MSPs and be respectful of the role they have

Weaver Outrage Meter: Low   Cyber Consultants at it Again We have been coming across a unique brand of marketing and website design company lately; yes, you guessed it, they also do cybersecurity. It seems difficult not to come across cyber security "experts" these days, even if that claim may be dubious. Marketing gets into cybersecurity Cyber consultants need understanding of MSPs First do no harm!   Managing MSP remote workers (ticket reviews) Since the pandemic remote work has exploded. The same is true within the managed services sector. MSPs, however, have some unique methods they can use to ensure their remote technical staff are actually being productive. Unproductive remote workers Lack of data Ticket review benefits   Compliance isn't Security With so much noise around compliance, I thought it might be nice to explore some fundamentals around compliance, what it is, and what it is not. Security isn't compliance either Being secure is its own goal and reward Compliance is about communication and transparency

Weaver Outrage Meter: Low We have officially wrapped up Q1 2023 and its time to evaluate how the managed services profession did  and what the outlook is like. Q1 analysis MSP outlook Tech stock performance S&P 500 doing well because of IT stocks https://stocks.apple.com/A4qzi73EUTAqsG5chNLDjkw Cyber Consultants Continued We have been discussing (for years) the ongoing evolution and emergence of consultants in the cybersecurity field and the impact they are having on managed service providers (and their clients). We have an update on this topic from actual MSPs who are encountering these consultants in the field and the feedback may surprise you. MSP interaction with cyber consultants (mature vs reactive MSPs) Agenda of the cyber consultant movement What can MSPs do? AI vs Automation MSPs need to evolve. Evolutionary change has been a constant in the managed services profession since its beginning in the early 1990s. As MSPs search for ways to become more efficient and scalable, an emerging debate is presenting itself as we understand more about artificial intelligence and automation tools. AI vs automation AI risks in managed services MSP guidance for automation and AI technologies

Weaver Outrage Meter: Low   North Dakota Announces Mandatory Cybersecurity Education   North Dakota just announced a new educational mandate for grade school students to learn more about cybersecurity. Such a move is not only a smart one, but it is going to have a positive impact on future generations of cybersecurity professionals.   Cyber skills gap acknowledged Good example of government leadership and action Good news for MSPs (and other employers) in the near future   https://www-kxnet-com.cdn.ampproject.org/c/s/www.kxnet.com/news/state-news/north-dakota-is-first-state-to-approve-required-cybersecurity-education/amp/   MSP Recession Planning   More talk about a recession here in the United States; it seems inevitable that we are headed into, or may already be in a recession. What, if anything, can you do to prepare? Credit tightening will impact service providers, but more so on the reactive side. VARs, system integrators, break/fix companies, these are the types of IT business models most vulnerable to tight credit markets and will feel the financial pain more acutely compared to an MSP with steady, predictable recurring revenue and cash flow.   Historical impact of recessions on MSPs Credit markets tightening, who will suffer most? Can MSPs thrive during recessionary periods?   CaaS dangers MSPs should avoid   Compliance as a Service is getting more attention in the IT channel. With such attention, MSPs (and non-MSPs) are both jumping onto the CaaS bandwagon. But, just as with most things in life, there are right ways and wrong ways to go about developing a CaaS strategy and offering. Here are some helpful tips to get you pointed in the right direction.   Beware of reactive CaaS providers Scanning is not compliance If you've never been through an external organizational certification or audit, CaaS is probably going to be more challenging for you

Weaver Outrage Meter: Low   What is continuous compliance? Sound like a headache? It isn't. Continuous compliance is where the managed services profession is headed and MSPs had better start preparing now.   Continuous compliance defined Why continuous compliance is the future Guidance for transitioning from standard to continuous   Recent news stories would have you believe that the recent bank failures are really caused by underlying fractures within the tech sector. Let's examine an alternative theory for what is really happening.   Big tech layoffs Bank failure root causes Health of MSP market   We are seeing more “providers” intentionally (or not) being vague about the types of services they are offering. Here's why this is a bad idea.   Problems with mislabeling your services MSPs who aren't, and cyber providers who claim MSP status You can't run from what you do

Weaver Outrage Meter: Low   First, let's discuss Silicon Valley Bank (SVB). You may be wondering what does SVB have to do with managed services. Good question. Nothing directly ties SVB to managed services, other than there are a number of MSPAlliance members who bank there and may be impacted by recent events.   Will SVB have any long or short term effects on the managed services profession? Is the SVB collapse an indicator of technology health?   Second, some advice for MSP startups. Much of the discussion around compliance and achieving certifications for MSP organizations has been focused on more mature MSPs. This needs to change.   Since the launch of Cyber Verify, we will be spending a lot more time dealing with the issue of MSP compliance, especially for MSP startups and less mature organizations.   Make compliance an "everyday" part of your business Start with your policies and procedures documentation Use platforms like Cyber Verify to begin mapping your control gap areas so you have a remediation plan   Third, let's talk about managed services pricing. We mostly discuss pricing when we talk about raising them. But, let's just examine why an MSP might want to consider lowering their pricing.   Price economics Security standardization Automation and other methods of lowering service delivery costs

Weaver Outrage Meter: Medium   MSP Zone examines the idea of a cyber tax, what that would look like, and whether a cyber tax would be a good thing for MSPs Highlights: Cyber tax credits Codes of conduct Government oversight?   Cyber Verify has been launched. What is Cyber Verify? How can it help MSPs at both ends of the MSP maturity spectrum?   The Art of Managed Services 2nd Edition is now available for purchase. What went into the 2nd edition? What has changed since the first edition was published in 2007?   Supplemental reading: Cloud Computing Needs a Universal Standard - WSJ

Weaver Outrage Meter: Low)   In the US, we just had our national state of the union address, so we thought it would be fun (and interesting) to do our own state of the union address on how the managed services profession is doing in 2023.   Drawing from global IT spending data and MSPAlliance member input, we have put together some of the more noteworthy areas of interest to MSPs in 2023, both areas of opportunity and issues of concern.   Enjoy   Highlights: IT Spending for 2023 Compliance challenges and opportunities MSP market differentiation

Weaver Outrage Meter (Low)   There are many reasons why you would want to work with a provider of managed services. During a recession (or the threat of a recession), IT and business needs tend to become a bit more clear and in focus as you come to reality about what it is you really need versus what you don't. The benefits of managed services really only apply to true MSP organizations. We are not talking about break/fix and reactive IT companies as they do not create the same types of economic and IT benefits as a managed services provider.   Highlights: PredictabilityIT performance IT spend FlexibilityAdjust up Adjust down SecurityStabilization Constant monitoring Not reactive

Weaver Outrage Meter (Low) Many MSPs think of compliance as a "once a year" activity. Much like doing your taxes, compliance is a doing it once and then forget it event that gets revisited next year. This is dangerous thinking and should be part of every MSP's new year's resolution for 2023. Compliance doesn't have to be a dirty word. In fact, compliance should have nothing to do with tax preparation or any other dreaded activity you have to do on an ongoing basis. Instead, compliance ought to be like breathing; second nature to all MSPs. Sound too easy? It isn't. There are a few simple tricks you can take to get your MSP practice headed down the path of continuous compliance. Highlights: Continuous vs cyclical compliance Compliance is a team sport Compliance documentation and evidence

Weaver Outrage Meter (Medium)   I recently read a blog written by a government about how to properly use MSPs in a cloud environment. Now. I am not sure what background this author has but I'm assuming a good number of people read and approved of the article since it was published (for the public to read) on a government website.   I do not like attacking people directly when they have no ability to respond to the allegation but in this case, I believe the idea raised is so contentious that it must be addressed. So, that is what I intend to do.   I won't name the person or the organization, but I do intend to discuss the nature of the article and what it purports to encourage: namely, that MSPs ought to behave more like cloud providers.   Highlights: What attributes of the cloud provider ought to be mimicked by the MSPs? How do MSPs and cloud providers interact? If MSPs did not exist, would the cloud provider be able to service the customer? Do we really want MSPs to be more like cloud providers?